Feat: Implement signed HttpOnly session cookie

2026-03-15 14:22:20 -07:00
parent d2d742df3b
commit e5565327ec


@@ -1,5 +1,6 @@
import { NextResponse } from 'next/server';
import crypto from 'crypto';
import { signSession } from '../../../lib/auth';
export async function POST(req) {
try {
@@ -15,8 +16,21 @@ export async function POST(req) {
}
if (email === process.env.ADMIN_EMAIL && password === process.env.ADMIN_PASS) {
// Real implementation would set a JWT or session cookie here
return NextResponse.json({ success: true, message: 'Welcome back, Master!' });
// Generate our secure edge-compatible token
const token = await signSession();
const response = NextResponse.json({ success: true, message: 'Welcome back, Master!' });
// Set it as an HttpOnly cookie so JavaScript can't touch it
response.cookies.set('kalbot_session', token, {
httpOnly: true,
secure: process.env.NODE_ENV === 'production',
sameSite: 'strict',
path: '/',
maxAge: 60 * 60 * 24 // 1 day in seconds
});
return response;
} else {
// Trigger NTFY alert for failed login
if (process.env.NTFY_URL) {